Forum Discussion
MS Purview for DLP Endpoint not working.
Hello Teams, I need help with DLP Endpoint to prevent users from uploading sensitivity-labeled files to an untrusted domain.
Initially it was working as expected when I configured an individual user in the policies, but once I changed to a user group it stopped working. Has anyone encountered the same issue? I have a Microsoft support ticket, but no agent has been assigned to assist with the issue.
5 Replies
- KKiat, Copper Contributor
I had enabled Network share coverage and exclusions, but still have the same issue.
Example: this mapped network drive A:\DLP Sample Document. When I upload a document from this folder, the document is not blocked by DLP endpoint. But if I copy it over to the laptop desktop and upload it, it is blocked.
- KKiat, Copper Contributor
Hi Prathista Ilango,
I have checked that everything is configured as per the steps you provided. It is working, but there is something weird. The same blocked file, if it is selected and uploaded from the File Share Server, somehow bypasses the block.
But it is blocked when uploaded from the laptop directory.
- Prathista Ilango
Microsoft
Hello KKiat,
I am assuming this file share server is onboarded into devices in Purview, since you confirmed all the above checks are done. It looks like Network share coverage is not enabled in your case. Please confirm from below:
Purview Portal -> Settings -> Data Loss Prevention -> Endpoint DLP settings -> Network share coverage and exclusions
This needs to be enabled for network shares to honor DLP policies.
Hope this helps!
Regards,
PI
Please mark as solution, if you find the answer helpful. This will assist others in the community who encounter a similar issue, enabling them to quickly find the solution and benefit from the guidance provided.
- KKiat, Copper Contributor
Hi Prathista Ilango,
I had enabled Network share coverage and exclusions but am still having the issue.
When I try to upload a document from this mapped drive A:\DLP Sample Document, the document is not blocked by DLP endpoint. But if I copy those files to the laptop/device desktop and upload them, they are blocked.
- Prathista Ilango
Microsoft
Hello KKiat,
It could be because of a variety of reasons. Please check the below to confirm,
- Make sure the Service domains setting under "Endpoint DLP settings->Browser and domain restrictions to sensitive data" is configured properly. Refer here for example scenarios to understand and configure per your requirement: https://learn.microsoft.com/en-us/purview/dlp-configure-endpoint-settings#service-domains
- Check the targeted users and devices from the old policy and new policy and make sure the intended user and device are added.
- Make sure device is synced for configuration and policy sync under "Device Onboarding->Devices". If policy sync status is not updated, click on the device and you should be able to see which policy is not updated, like below,
- If the above is the case, check what the sync status of the policy is under DLP policies after modifying the policy, like below. If it is sync in progress, like in my case, wait for it to complete and try. This sync could take up to 2 hours to 24 hours.
- If the sync is taking too long or errors out, refer to this article to further troubleshoot: Troubleshooting endpoint data loss prevention configuration and policy sync | Microsoft Learn
Hope this helps!
Regards,
PI